Validating digital forensic evidence

This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University.This dissertation focuses on the forensic validation of computer evidence. It is a burgeoning field, by necessity, and there have been significant advances in the detection and gathering of evidence related to electronic crimes. What makes the computer forensics field similar to other forensic fields is that considerable emphasis is placed on the validity of the digital evidence. It is not just the methods used to collect the evidence that is a concern. What is also a problem is that perpetrators of digital crimes may be engaged in what is called anti-forensics. Digital forensic evidence techniques are deliberately thwarted and corrupted by those under investigation. In traditional forensics the link between evidence and perpetrator's actions is often straightforward: a fingerprint on an object indicates that someone has touched the object. Anti-forensic activity would be the equivalent of having the ability to change the nature of the fingerprint before, or during the investigation, thus making the forensic evidence collected invalid or less reliable. This thesis reviews the existing security models and digital forensics, paying particular attention to anti-forensic activity that affects the validity of data collected in the form of digital evidence. This thesis will build on the current models in this field and suggest a tentative first step model to manage and detect possibility of anti-forensic activity. The model is concerned with stopping anti-forensic activity, and thus is not a forensic model in the normal sense, it is what will be called a “meta-forensic” model. A meta-forensic approach is an approach intended to stop attempts to invalidate digital forensic evidence. This thesis proposes a formal procedure and guides forensic examiners to look at evidence in a meta-forensic way

Expanding the UK Secure by Design proposal for a usable consumer-focused IoT security label

No person whom has any knowledge of security in the Internet of Things (IoT) would claim the current landscape is desirable, as exceedingly poor security of devices is routinely exhibited in an ecosystem experiencing exponential growth of devices. If these devices follow past trends in Cyber Security, it is not unreasonable to assume that without intervention another decade of exponentially growing costs attributed to Cyber Crime may lay ahead. After the failure of the voluntary approach to IoT Security, works are now being taken to legislate a minimum security standard.Building from existing proposals, this paper outlines real improvements that could be made to current ongoing works, with the intention of providing incentive for manufacturers to improve device security in the IoT sector and reduce the timeline for routine deployment of secured devices.Incorporating strategies developed in other industries, as well as security requirements from across international borders, a point-of-sale user focused label is proposed, which can be easily interpreted by non-technical users. Intending to provoke curiosity and fully reassure the end-user, a two-layer system is chosen which allows the conveyance of more detailed information than could fit on a physical label

From Requirements to Operation: Components for Risk Assessment in a Pervasive System of Systems

Framing Internet of Things (IoT) applications as a System of Systems (SoS) can help us make sense of complexity associated with interoperability and emergence. However, assess- ing the risk of SoSs is a challenge due to the independence of component systems, and their differing degrees of control and emergence. This paper presents three components for SoS risk assessment that integrate with existing risk assessment approaches: Human System Integration (HSI), Interoperability identification and analysis, and Emergent behaviour evaluation and control measures. We demonstrate the application of these components by assessing a pervasive SoS: a SmartPowerchair

Encrochat:The hacker with a warrant and fair trials?

This paper introduces the Encrochat operation as an example of the technological, cross-border, and cross-disciplinary complexity of one contemporary digital investigation. The use of encryption for large-scale criminal activity and organized crime requires law enforcement to act pro-actively to secure evidence, to rely on cross-border evidence exchange, and to use more efficient digital forensic techniques for decryption, data acquisition, and analysis of volumized evidence. The Encrochat investigation also poses the question whether the traditional fair trial principle can still ensure minimum state intrusion and upholding of legitimacy in the new ubiquitous investigation process, where digital forensics methods and tools for hacking and data acquisition are used to identify and arrest thousands of suspects and collect evidence in real-time during criminal activity. The operation is examined through the lens of the right to a fair trial, as codified in Art. 6 ECHR, in order to exemplify three challenging aspects. Firstly, in cross-border investigations there are no binding digital forensics standards in criminal proceedings or forensic reports exchange policy which demands reliability and compliance with Art. 6 ECHR-based evidence rules. Secondly, the defense's stand is not sufficiently addressed in current digital evidence legislation or mutual trust-based instruments at the EU level. Finally, the judicial process lacks scalable procedures to scrutinize digital evidence processing and reliability and is exposed to technology dependences. The identified gaps and their practical impact require a novel approach to digital evidence governance.</p

Chronic Energy Deficiency and Associated Factors among Lactating Mothers (15-49 years old) in Offa Woreda, Wolayita Zone, SNNPRs, Ethiopia

The lactating mothers in developing countries like Ethiopia are the first targeted and nutritionally vulnerable groups to under nutrition due to different socio demographic factors which influence the health and well being of mothers and children. During lactation periods, mothers need more nutritious food than the rests of the household members. The aim of this study was to determine the nutritional status, associated factors and dietary diversity of lactating mothers 15-49 years old in Offa woreda. A cross-sectional community based study was carried out to determine the Chronic Energy deficiency of lactating mothers in the studied woreda. The lactating mothers were randomly selected from four rural and two urban kebeles. A total of 422 households were visited and the required data were collected as scheduled in all selected kebeles. The prevalence of under nutrition among the lactating mothers in the studied area was determined using BMI by Anthropometric measurements and the blood sample test for hemoglobin (Hb) concentration was done using Haemocue methods. The collected data were analyzed using Stata version 14.2 software. Among the participated lactating mothers the values 15.8%, 74.2%, 8.3% and 1.7% were obtained for under weight, normal, over weight and obese in their BMI (kg/m2), respectively. The studied participants of 15.8% were in chronic energy deficiency according to WHO guidelines. The lactating mothers’ percentage value 36.4%, 59.3%, 4.3% were in age group of 15-24, 25-34 and 35-49 years, respectively. The blood test showed that among the lactating mothers 11.4% were found anemic which had got hemoglobin level less than normal level (12g/dl). The daily dietary diversity intake per day of lactating mothers was classified as high (&gt;5 DDS) 1.2%, medium (4-5 DDS) 50.7% and low (&lt;3 DDS) 47.4% among the nine food groups recommended for women dietary diversity score (WDDS). The independent variables: education, family size, marital status and occupation were significantly associated with nutritional status of the lactating mothers at P&lt;0.05. In conclusion the majority of the lactating women in the study area had normal BMI. The researchers would like to recommend that the government and development agencies should focus on the risk factors identified, to ensure better health and nutrition for lactating mothers in this woreda

Credit rating agencies and the sovereign debt crisis: performing the politics of creditworthiness through risk and uncertainty

As member states struggle to retain the investment grades necessary to allow them to finance their governmental operations at a reasonable cost, credit rating agencies (CRAs) have been blamed for exacerbating a procyclical bias which only makes this task more difficult. How CRAs contribute to the constitution of the politics of limits underpinning the European sovereign debt crisis is at the core of this article. As a socio-technical device of control, sovereign ratings are an ‘illocutionary' statement about budgetary health, which promotes an artificial fiscal normality. Subsequently, these austere politics of creditworthiness have ‘perlocutionary' effects, which seek to censure political discretion through normalizing risk techniques aligned with the self-systemic, and thereby self-regulating, logic of Anglo-American versions of capitalism. The ensuing antagonistic relationship between the programmatic/expertise and operational/politics dimensions of fiscal governance leaves Europe vulnerable to crisis and the renegotiation of how the ‘political' is established in the economy. New regulatory technical standards (RTS) can exacerbated the performative effects on CRAs, investors and member states

A study into the validation of ATP testing devices for integrated cleanliness monitoring within healthcare settings

There is a problem in hospital cleaning. There is currently no scientific monitoring method that provides timely and reliable assurance that harmful bacteria have been removed by the cleaning processes. This PhD investigates the validation of commercially available testing devices intended for the rapid detection of adenosine triphosphate (ATP), which may provide a quantitative surrogate estimate of surface cleanliness based on ATP measurements. The findings indicate that ATP testing devices, despite problems with scaling and imprecision, provide immediacy in readings which enables the incorporation of ATP testing into an improved and integrated cleanliness monitoring process for applications within healthcare settings

Cybersecurity: Past, Present and Future

The digital transformation has created a new digital space known as cyberspace. This new cyberspace has improved the workings of businesses, organizations, governments, society as a whole, and day to day life of an individual. With these improvements come new challenges, and one of the main challenges is security. The security of the new cyberspace is called cybersecurity. Cyberspace has created new technologies and environments such as cloud computing, smart devices, IoTs, and several others. To keep pace with these advancements in cyber technologies there is a need to expand research and develop new cybersecurity methods and tools to secure these domains and environments. This book is an effort to introduce the reader to the field of cybersecurity, highlight current issues and challenges, and provide future directions to mitigate or resolve them. The main specializations of cybersecurity covered in this book are software security, hardware security, the evolution of malware, biometrics, cyber intelligence, and cyber forensics. We must learn from the past, evolve our present and improve the future. Based on this objective, the book covers the past, present, and future of these main specializations of cybersecurity. The book also examines the upcoming areas of research in cyber intelligence, such as hybrid augmented and explainable artificial intelligence (AI). Human and AI collaboration can significantly increase the performance of a cybersecurity system. Interpreting and explaining machine learning models, i.e., explainable AI is an emerging field of study and has a lot of potentials to improve the role of AI in cybersecurity.Comment: Author's copy of the book published under ISBN: 978-620-4-74421-

Behavioral Feeding Problems of Normally Developing Children Under 4 Years of Age

Objectives: The objectives were to identify common problematic behaviours in cases of normally-developing children under four years of age and determine whether there were associations between responsiveness to treatment and number of behaviours and visits to the clinic, as well as low body weight. Rationale: The motive for this study was to address the gaps in literature by characterizing the population, acquiring data to help establish consistent nomenclature and categorization as well as information to help design a screening tool in the future. Methods: Secondary data was collected retrospectively from 106 medical charts that fit the inclusion criteria. The data was analyzed to determine whether there is an association between responsiveness to treatment and the number of problematic behaviours, frequency of visits to the clinic, presence of a medical condition and weight, using descriptive statistics and two-tailed t-test for data analysis. Results: There were statistically significant differences between the responsive and non-responsive groups in the total number of problematic behaviour

Security Audit Compliance for Cloud Computing

Cloud computing has grown largely over the past three years and is widely popular amongst today's IT landscape. In a comparative study between 250 IT decision makers of UK companies they said, that they already use cloud services for 61% of their systems. Cloud vendors promise "infinite scalability and resources" combined with on-demand access from everywhere. This lets cloud users quickly forget, that there is still a real IT infrastructure behind a cloud. Due to virtualization and multi-tenancy the complexity of these infrastructures is even increased compared to traditional data centers, while it is hidden from the user and outside of his control. This makes management of service provisioning, monitoring, backup, disaster recovery and especially security more complicated. Due to this, and a number of severe security incidents at commercial providers in recent years there is a growing lack of trust in cloud infrastructures. This thesis presents research on cloud security challenges and how they can be addressed by cloud security audits. Security requirements of an Infrastructure as a Service (IaaS) cloud are identified and it is shown how they differ from traditional data centres. To address cloud specific security challenges, a new cloud audit criteria catalogue is developed. Subsequently, a novel cloud security audit system gets developed, which provides a flexible audit architecture for frequently changing cloud infrastructures. It is based on lightweight software agents, which monitor key events in a cloud and trigger specific targeted security audits on demand - on a customer and a cloud provider perspective. To enable these concurrent cloud audits, a Cloud Audit Policy Language is developed and integrated into the audit architecture. Furthermore, to address advanced cloud specific security challenges, an anomaly detection system based on machine learning technology is developed. By creating cloud usage profiles, a continuous evaluation of events - customer specific as well as customer overspanning - helps to detect anomalies within an IaaS cloud. The feasibility of the research is presented as a prototype and its functionality is presented in three demonstrations. Results prove, that the developed cloud audit architecture is able to mitigate cloud specific security challenges